This project is mirrored from https://gitee.com/mirrors/nomad.git.
  1. 16 Sep, 2019 1 commit
      volumes: Add support for mount propagation · f89a0c47
      Danielle Lancashire authored
      This commit introduces support for configuring mount propagation when
      mounting volumes with the `volume_mount` stanza on Linux targets.
      
      Similar to Kubernetes, we expose 3 options for configuring mount
      propagation:
      
      - private, which is equivalent to `rprivate` on Linux, which does not allow the
                 container to see any new nested mounts after the chroot was created.
      
      - host-to-task, which is equivalent to `rslave` on Linux, which allows new mounts
                      that have been created _outside of the container_ to be visible
                      inside the container after the chroot is created.
      
      - bidirectional, which is equivalent to `rshared` on Linux, which allows both
                       the container to see new mounts created on the host, but
                       importantly _allows the container to create mounts that are
                       visible in other containers and on the host_
      
      private and host-to-task are safe, but bidirectional mounts can be
      dangerous, as if the code inside a container creates a mount, and does
      not clean it up before tearing down the container, it can cause bad
      things to happen inside the kernel.
      
      To add a layer of safety here, we require that the user has ReadWrite
      permissions on the volume before allowing bidirectional mounts, as a
      defense in depth / validation case, although creating mounts should also require
      a privileged execution environment inside the container.
  2. 12 Sep, 2019 5 commits
  3. 11 Sep, 2019 6 commits
  4. 10 Sep, 2019 2 commits
      e2e: fixes for race conditions in testing (#6300) · 31f91cf4
      Tim Gross authored
      - In script checks, ensure we're running `Exec` against the new running
        allocation and not the earlier stopped one.
      - In script checks, allow `Exec` calls to error due to lack of pty when
        we use the exec to kill the task.
      - In `utils.go/RegisterAllocs`, force query for allocations to wait on
        wait index returned by registration call.
      test: expand symlink for temp dir for macOS compatibility (#6303) · ae3488db
      Tim Gross authored
      On macOS, `os.TempDir` returns a symlinked path under `/var` which is
      outside of the directories shared into the VM used for Docker, and
      that fails tests using Docker that need that mount. If we expand the
      symlink to get the real path in `/private`, we're in the shared
      folders and can safely mount them.
  5. 09 Sep, 2019 18 commits
  6. 06 Sep, 2019 8 commits